Description
Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2009-1077 | Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. |
References
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-09-16T22:36:44.565Z
Reserved: 2009-03-25T00:00:00.000Z
Link: CVE-2009-1076
No data.
Status : Modified
Published: 2009-03-25T15:30:00.297
Modified: 2026-06-16T23:06:27.200
Link: CVE-2009-1076
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
EUVD